Pests of all kinds and how to fight them: Encryption trojan got me too (Windows 7)
04.07.2012, 14:03 | #1 |
Encryption trojan got me too

Now it has got me too. I have already read up a bit here in the forum. After a system restore my system is running again; I have also already run Spybot and CCleaner over it and have now done a scan with OTL. Here are the log files: OTL Logfile:
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20 "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English "{EA75A269-0206-A2AA-D125-3F959E7EB72E}" = AMD Media Foundation Decoders "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F3A9DCFA-948D-46B2-8F04-4C072068C902}" = QuickImmobilie 2011 - Servicepack 1 
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7DAC756-8358-484B-928C-457F4E0E4B82}" = Cherry Smart Device Package V1.10 Build 4 "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FB9225A0-7458-4025-8EF7-9C5B4FBD50EE}" = QuickImmobilie 2011 "{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "1-abc.net Hard Drive Washer" = 1-abc.net Hard Drive Washer (Remove only) "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. 
Image (02/11/2010 ) "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Battlelog Web Plugins" = Battlelog Web Plugins "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0 "Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data "Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CCleaner" = CCleaner "CrystalDiskInfo_is1" = CrystalDiskInfo 3.6.4 "DivX Setup" = DivX-Setup "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ESN Sonar-0.70.4" = ESN Sonar "FLV Player" = FLV Player 2.0 (build 25) "FRITZ! 
2.0" = AVM FRITZ!fax für FRITZ!Box "FujiDirekt_is1" = FujiDirekt "Harrys Filters 4.0 (Plugin)_is1" = Harrys Filters 4.0 (Plugin) "InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE "InstallShield_{1CC8D666-9060-4CC1-8723-6660BCD896E0}" = SILKYPIX Developer Studio Pro Deutsch "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{39E8BA04-625F-433B-B66F-C1D3F77B70FA}" = DK Binnen Navigator Demo "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D) "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU "Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MyAshampoo Toolbar" = MyAshampoo Toolbar "Neat Image plug-in for Photoshop_is1" = Neat Image v7.0 Pro plug-in for Photoshop "Neat Image_is1" = Neat Image v6 Demo (with plug-in) "OpenAL" = OpenAL "Organizer Conversion Utility" = Organizer Conversion Utility "Origin" = Origin "PhotoFilmStrip_is1" = PhotoFilmStrip 1.4.0 "Picasa 3" = Picasa 3 "Post T Arnhem 1965 DEMO" = Post T Arnhem 1965 DEMO "PunkBusterSvc" = 
PunkBuster Services "Retouch Pilot Lite_is1" = Retouch Pilot Lite 3.0.4 "S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky "Steam App 10090" = Call of Duty: World at War "Steam App 101002" = Duke Nukem Forever Brady Guide "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 17450" = Dragon Age: Origins "Steam App 17460" = Mass Effect "Steam App 17470" = Dead Space "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link "Steam App 240" = Counter-Strike: Source "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 28050" = Deus Ex: Human Revolution "Steam App 34010" = Alpha Protocol "Steam App 34330" = Total War: SHOGUN 2 "Steam App 34830" = Sniper: Ghost Warrior "Steam App 39160" = Dungeon Siege III "Steam App 41500" = Torchlight "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 43110" = Metro 2033 "Steam App 44320" = DiRT 3 "Steam App 47730" = Dragon Age: Origins - Awakening "Steam App 57900" = Duke Nukem Forever "Steam App 72850" = The Elder Scrolls V: Skyrim "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "TS3 Overlay" = TS3 Overlay "Uninstall_is1" = Uninstall 1.0.0.1 "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2162846056-796596594-3631639613-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.07.2012 04:32:00 | Computer Name = Werkstatt | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. 
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.07.2012 12:07:57 | Computer Name = Werkstatt | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 03.07.2012 14:26:59 | Computer Name = Werkstatt | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MassEffect.exe, Version: 1.2.20608.0, Zeitstempel: 0x4a55fea1 Name des fehlerhaften Moduls: MassEffect.exe, Version: 1.2.20608.0, Zeitstempel: 0x4a55fea1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b9003c ID des fehlerhaften Prozesses: 0x1660 Startzeit der fehlerhaften Anwendung: 0x01cd594099c95017 Pfad der fehlerhaften Anwendung: C:\Program Files\Steam\steamapps\common\Mass Effect\Binaries\MassEffect.exe Pfad des fehlerhaften Moduls: C:\Program Files\Steam\steamapps\common\Mass Effect\Binaries\MassEffect.exe Berichtskennung: ac786c65-c53c-11e1-9532-5404a6125f72 Error - 04.07.2012 03:26:53 | Computer Name = Werkstatt | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 04.07.2012 04:10:15 | Computer Name = Werkstatt | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 04.07.2012 04:13:26 | Computer Name = Werkstatt | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 04.07.2012 05:30:07 | Computer Name = Werkstatt | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 04.07.2012 06:14:34 | Computer Name = Werkstatt | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 04.07.2012 06:28:43 | Computer Name = Werkstatt | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 04.07.2012 06:58:41 | Computer Name = Werkstatt | Source = WDSmartWareBackgroundService | ID = 0 Description = [ System Events ] Error - 04.07.2012 06:09:05 | Computer Name = Werkstatt | Source = DCOM | ID = 10005 Description = Error - 04.07.2012 06:14:13 | Computer Name = Werkstatt | Source = Service Control Manager | ID = 7000 Description = Der Dienst 
"AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.07.2012 06:14:58 | Computer Name = Werkstatt | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.07.2012 06:15:13 | Computer Name = Werkstatt | Source = DCOM | ID = 10016 Description = Error - 04.07.2012 06:27:50 | Computer Name = Werkstatt | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.07.2012 06:28:48 | Computer Name = Werkstatt | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.07.2012 06:28:50 | Computer Name = Werkstatt | Source = DCOM | ID = 10016 Description = Error - 04.07.2012 06:58:13 | Computer Name = Werkstatt | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.07.2012 06:58:57 | Computer Name = Werkstatt | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.07.2012 06:59:13 | Computer Name = Werkstatt | Source = DCOM | ID = 10016 Description = < End of report > Und die andere noch:OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.07.2012 14:42:05 - Run 3 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Computerservice\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,96 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,97% Memory free 5,92 Gb Paging File | 3,96 Gb Available in Paging File | 66,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 603,05 Gb Free Space | 64,74% Space Free | Partition Type: NTFS Drive F: | 930,86 Gb Total Space | 340,36 Gb Free Space | 36,56% Space Free | Partition Type: NTFS Computer Name: WERKSTATT | User Name: Computerservice | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Computerservice\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG) PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\ASUS\AXSP\1.00.14\atkexComSvc.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe () PRC - C:\Programme\ASUS\AAHM\1.00.14\aaHMSvc.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe () PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY) PRC - C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) PRC - C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) PRC - C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin) PRC - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC) PRC - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) PRC - C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) PRC - C:\Programme\Common Files\microsoft 
shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) PRC - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo) PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Computerservice\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Acronis\TrueImageHome\tishell.dll () MOD - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe () MOD - C:\Programme\Acronis\TrueImageHome\Common\resource.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\rpc_client.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\thread_pool.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AMD FUEL Service) -- C:\Program Files\ATI 
Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVKWCtl) -- C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVKService) -- C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG) SRV - (asComSvc) -- C:\Programme\ASUS\AXSP\1.00.14\atkexComSvc.exe () SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (Futuremark SystemInfo Service) -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (asHmComSvc) -- C:\Programme\ASUS\AAHM\1.00.14\aaHMSvc.exe () SRV - (nlsX86cc) -- C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.) 
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Programme\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe () SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Professional.10.0) -- C:\Programme\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY) SRV - (AODService) -- C:\Programme\AMD\OverDrive\AODAssist.exe () SRV - (DAUpdaterSvc) -- c:\Programme\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (nwtsrv) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) SRV - (certsrv) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) SRV - (avmike) -- C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin) SRV - (WDDMService) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WDSmartWareBackgroundService) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found DRV - (ALSysIO) -- C:\Users\COMPUT~1\AppData\Local\Temp\ALSysIO.sys File not found DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG) DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (GDBehave) -- C:\Windows\System32\drivers\GDBehave.sys (G Data Software AG) DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (ASUSFILTER) -- C:\Windows\System32\drivers\ASUSFILTER.sys (MCCI Corporation) DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices) DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices) DRV - (asmtxhci) -- C:\Windows\System32\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV - (asmthub3) -- C:\Windows\System32\drivers\asmthub3.sys (ASMedia Technology Inc) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (usbfilter) -- 
C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (fwlanusb4) -- C:\Windows\System32\drivers\fwlanusb4.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin) DRV - (NWIM) -- C:\Windows\System32\drivers\avmnwim.sys (AVM Berlin) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (SPR3322K) -- C:\Windows\System32\drivers\SPR3322K.sys (SCM Microsystems Inc.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.) 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - 
HKU\S-1-5-21-2162846056-796596594-3631639613-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "MyAshampoo Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: guiconfig@slosd.net:1.1.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program 
Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.13 22:16:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.04 12:12:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.13 22:05:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.04 12:12:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.13 22:05:49 | 000,000,000 | ---D | M] [2010.06.03 22:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computerservice\AppData\Roaming\mozilla\Extensions [2010.06.03 22:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computerservice\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.20 08:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computerservice\AppData\Roaming\mozilla\Firefox\Profiles\cgnvn6js.default\extensions [2011.08.26 07:42:06 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Computerservice\AppData\Roaming\mozilla\Firefox\Profiles\cgnvn6js.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.05.20 08:01:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Computerservice\AppData\Roaming\mozilla\Firefox\Profiles\cgnvn6js.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.12.04 20:35:14 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Computerservice\AppData\Roaming\mozilla\Firefox\Profiles\cgnvn6js.default\extensions\DeviceDetection@logitech.com [2010.12.15 17:12:32 | 
000,000,923 | ---- | M] () -- C:\Users\Computerservice\AppData\Roaming\Mozilla\Firefox\Profiles\cgnvn6js.default\searchplugins\conduit.xml [2012.06.06 07:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.11 17:44:05 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.05.13 22:16:02 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.06.11 17:44:05 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD} [2011.12.30 20:42:02 | 000,074,526 | ---- | M] () (No name found) -- C:\USERS\COMPUTERSERVICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CGNVN6JS.DEFAULT\EXTENSIONS\{11483926-DB67-4190-91B1-EF20FCEC5F33}.XPI [2011.10.29 09:28:58 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\COMPUTERSERVICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CGNVN6JS.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.02.14 20:34:48 | 000,204,717 | ---- | M] () (No name found) -- C:\USERS\COMPUTERSERVICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CGNVN6JS.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI [2011.10.18 20:06:22 | 000,174,405 | ---- | M] () (No name found) -- C:\USERS\COMPUTERSERVICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CGNVN6JS.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI [2012.06.06 07:34:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.14 08:25:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.14 08:25:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.14 08:25:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.14 08:25:00 | 000,006,805 
| ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.14 08:25:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.14 08:25:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.04 13:44:39 | 000,443,048 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15219 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\lotus\org6\organize\iehelper.dll () O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found. O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) 
O4 - HKLM..\Run: [CherryConfigDlg] C:\Program Files\Cherry\SmartDevice\ConfigDlg.exe (Cherry GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe () O4 - HKLM..\Run: [WAREHaus easy] C:\Program Files\Heizkosten easy\UDT2.exe () O4 - HKU\S-1-5-21-2162846056-796596594-3631639613-1001..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\.DEFAULT..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found O4 - HKU\S-1-5-18..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Computerservice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Computerservice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBM Lotus Organizer 6.lnk = C:\lotus\org6\organize\org6.exe (IBM Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\lotus\org6\organize\bandobjs.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-2162846056-796596594-3631639613-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{030CBA56-5B5C-4E30-8FE1-D383F68F4AFF}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F2C9F62-5638-4F3C-A87C-B9E4E34B8FF5}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76DEA141-84AA-4DE5-A6F3-D402C5B14677}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A36827F-CF2A-4E07-9A49-C95CB7188AAE}: DhcpNameServer = 192.168.178.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD488BDB-DE6D-42C9-BFDE-F194C745A4FA}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1f3d90ec-d047-11df-b81a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1f3d90ec-d047-11df-b81a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoStarter.exe O33 - MountPoints2\{6181d124-d6d1-11de-af01-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6181d124-d6d1-11de-af01-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRunCD.exe O33 - MountPoints2\{b5ff4f59-87f7-11df-b051-90e6ba6df4df}\Shell - "" = AutoRun O33 - MountPoints2\{b5ff4f59-87f7-11df-b051-90e6ba6df4df}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{d52bb15f-97e8-11e0-946b-90e6ba6df4df}\Shell - "" = AutoRun O33 - MountPoints2\{d52bb15f-97e8-11e0-946b-90e6ba6df4df}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{ebaf4ed4-d578-11de-bff2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ebaf4ed4-d578-11de-bff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Treiber-Studio_WebInstall.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.04 14:10:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Computerservice\Desktop\OTL.exe [2012.07.03 10:35:15 | 000,000,000 | ---D | C] -- C:\Users\Computerservice\Documents\Steam [2012.07.02 13:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.02 13:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2012.07.02 13:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\AMD VISION Engine Control Center [2012.07.02 12:48:01 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.07.02 12:48:01 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.07.02 12:47:49 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.07.02 12:47:49 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.07.02 12:47:49 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.07.02 12:47:36 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.07.02 12:47:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.06.15 10:00:52 | 000,825,232 | ---- | C] (DataDesign AG) -- C:\Windows\System32\Ddbaccpl.cpl [2012.06.15 10:00:52 | 000,227,216 | ---- | C] (DataDesign AG) -- C:\Windows\System32\ddBACCTM.cpl [2012.06.13 22:17:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.06.13 22:17:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.06.13 22:17:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.06.13 22:17:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.06.13 22:17:33 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.06.13 22:17:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.06.13 22:17:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.06.13 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Computerservice\AppData\Local\LogiShrd [2012.06.13 18:34:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2012.06.13 17:55:02 | 002,343,936 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\win32k.sys [2012.06.13 17:55:01 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.06.13 17:55:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.06.13 17:55:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.06.12 17:25:37 | 000,015,600 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2012.06.11 20:58:44 | 008,733,696 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmdag.sys [2012.06.11 20:35:40 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\System32\coinst_8.98.dll [2012.06.11 19:25:06 | 000,163,840 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe [2012.06.11 19:20:02 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll [2012.06.11 19:19:36 | 000,468,992 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe [2012.06.11 19:19:02 | 000,217,600 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe [2012.06.11 19:17:50 | 000,163,840 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll [2012.06.11 19:17:40 | 000,020,992 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll [2012.06.11 19:17:32 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll [2012.06.11 19:16:48 | 006,301,696 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atidxx32.dll [2012.06.11 18:53:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32 [2012.06.11 18:45:46 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll [2012.06.11 18:45:38 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll [2012.06.11 18:40:58 | 013,277,696 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll [2012.06.11 18:25:48 | 000,295,936 | ---- | C] (Advanced Micro Devices, Inc.) 
-- C:\Windows\System32\drivers\atikmpag.sys [2012.06.11 18:24:24 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\ati2erec.dll [2012.06.11 18:23:10 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll [2012.06.11 18:23:10 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll [2012.06.11 17:44:05 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.de.dll [2012.06.11 13:50:24 | 000,065,024 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\OpenVideo.dll [2012.06.11 13:50:14 | 000,056,320 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\OVDecode.dll [2012.06.11 13:49:22 | 013,008,896 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\amdocl.dll [2012.06.10 17:47:14 | 000,000,000 | ---D | C] -- C:\Users\Computerservice\AppData\Local\Samsung [2012.06.10 17:47:10 | 000,000,000 | ---D | C] -- C:\Users\Computerservice\AppData\Roaming\Samsung [2012.06.10 17:47:09 | 000,000,000 | ---D | C] -- C:\Users\Computerservice\Documents\samsung [2012.06.10 17:44:37 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys [2012.06.10 17:44:37 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys [2012.06.10 17:44:37 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys [2012.06.10 17:44:37 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys [2012.06.10 17:44:37 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys [2012.06.10 17:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.06.10 17:43:13 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.06.10 17:42:55 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) 
-- C:\Windows\System32\dgderapi.dll [2012.06.10 17:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2012.06.10 17:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.06.10 17:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2012.06.10 11:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player [2012.06.10 11:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player [2012.06.10 09:17:25 | 000,000,000 | ---D | C] -- C:\Users\Computerservice\Documents\Battlefield 3 [2012.06.09 22:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2012.06.09 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\Computerservice\AppData\Local\Origin [2012.06.09 18:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.06.09 18:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Origin [2012.06.09 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\Computerservice\AppData\Local\Macromedia [2012.06.09 14:48:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2012.06.09 14:48:12 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2012.06.09 14:48:08 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2012.06.09 14:48:01 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2012.06.09 14:48:01 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2012.06.09 14:48:00 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2012.06.09 14:47:59 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll [2012.06.09 14:47:59 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2012.06.09 14:47:58 | 001,974,888 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\System32\RtkPgExt.dll [2012.06.09 14:47:58 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll [2012.06.09 14:47:58 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll [2012.06.09 14:47:51 | 000,469,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll [2012.06.09 14:47:51 | 000,069,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll [2012.06.09 14:47:36 | 001,084,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2012.06.09 14:47:35 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2012.06.09 14:47:34 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2012.06.09 14:47:34 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2012.06.09 14:47:34 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2012.06.09 14:47:31 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2012.06.09 14:47:31 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2012.06.09 14:47:30 | 000,544,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat [2012.06.09 14:47:29 | 001,705,816 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2012.06.09 14:47:28 | 000,341,848 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2012.06.09 14:47:28 | 000,096,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2012.06.09 14:47:28 | 000,081,240 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2012.06.09 14:47:28 | 000,061,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2012.06.09 14:47:27 | 000,252,760 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\System32\MaxxVolumeSDAPO.dll [2012.06.09 14:47:25 | 001,439,064 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2012.06.09 14:47:22 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2012.06.09 14:47:20 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2012.06.09 14:47:19 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2012.06.09 14:47:19 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2012.06.09 14:47:07 | 001,558,944 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2012.06.09 14:47:04 | 000,406,120 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2012.06.09 14:47:03 | 001,132,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2012.06.09 14:47:03 | 000,429,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2012.06.09 14:47:02 | 000,962,664 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2012.06.09 14:47:01 | 000,291,432 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2012.06.09 14:47:00 | 000,236,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2012.06.09 14:47:00 | 000,224,360 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2012.06.09 14:47:00 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2012.06.09 14:47:00 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2012.06.09 14:47:00 | 000,106,600 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2012.06.09 14:46:59 | 000,901,224 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2012.06.09 14:46:58 | 000,448,616 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2012.06.09 14:46:56 | 000,175,200 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll [2012.06.09 14:46:56 | 000,096,160 | ---- | C] (Andrea 
Electronics Corporation) -- C:\Windows\System32\AERTARen.dll [2012.06.09 14:46:48 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2012.06.06 20:55:36 | 000,037,504 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\usbfilter.sys [2012.06.04 22:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT [2012.06.04 22:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.06.04 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.06.04 21:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.04 14:10:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Computerservice\Desktop\OTL.exe [2012.07.04 14:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.04 13:54:12 | 000,021,452 | ---- | M] () -- C:\Users\Computerservice\Documents\cc_20120704_135359.reg [2012.07.04 13:49:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.04 13:44:39 | 000,443,048 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.07.04 13:06:29 | 000,016,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 13:06:29 | 000,016,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 12:59:36 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.04 12:58:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.04 12:57:58 | 2385,534,976 | -HS- | M] () -- C:\hiberfil.sys [2012.07.04 12:36:42 | 000,699,953 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.07.04 12:36:42 | 000,041,303 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.07.04 12:05:15 | 004,503,728 | ---- | M] () -- 
C:\ProgramData\l_u0_0.pad [2012.07.03 11:13:31 | 000,000,215 | ---- | M] () -- C:\Users\Computerservice\Desktop\Mass Effect.url [2012.07.02 22:15:44 | 000,442,922 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120704-120000.backup [2012.07.02 22:15:44 | 000,442,922 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120704-134438.backup [2012.07.02 22:06:27 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.02 22:06:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.02 21:35:01 | 000,001,883 | ---- | M] () -- C:\Users\Computerservice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.02 17:09:25 | 000,002,763 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk [2012.07.02 17:09:25 | 000,002,747 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Jubiläumsversion.lnk [2012.07.02 13:45:46 | 000,778,904 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.02 13:45:46 | 000,730,590 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.02 13:45:46 | 000,179,864 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.02 13:45:46 | 000,151,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.15 10:00:52 | 000,825,232 | ---- | M] (DataDesign AG) -- C:\Windows\System32\Ddbaccpl.cpl [2012.06.15 10:00:52 | 000,227,216 | ---- | M] (DataDesign AG) -- C:\Windows\System32\ddBACCTM.cpl [2012.06.15 09:53:50 | 000,069,544 | ---- | M] () -- C:\Windows\System32\ddbac.tlb [2012.06.14 21:27:46 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.06.14 21:27:36 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.06.14 21:27:15 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2012.06.14 05:38:04 | 004,057,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT 
[2012.06.13 18:34:41 | 000,001,856 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk [2012.06.12 17:25:37 | 000,015,600 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmdag.sys [2012.06.11 20:35:40 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\System32\coinst_8.98.dll [2012.06.11 20:00:32 | 020,467,712 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll [2012.06.11 19:26:12 | 000,263,840 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb [2012.06.11 19:25:06 | 000,163,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe [2012.06.11 19:24:58 | 000,924,160 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\aticfx32.dll [2012.06.11 19:20:02 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll [2012.06.11 19:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe [2012.06.11 19:17:50 | 000,163,840 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll [2012.06.11 19:17:40 | 000,020,992 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll [2012.06.11 19:17:32 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll [2012.06.11 19:16:48 | 006,301,696 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atidxx32.dll [2012.06.11 18:45:46 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll [2012.06.11 18:45:44 | 005,480,448 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdag.dll [2012.06.11 18:45:38 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll [2012.06.11 18:43:18 | 004,729,344 | ---- | M] (Advanced Micro Devices, Inc. 
) -- C:\Windows\System32\atiumdva.dll [2012.06.11 18:41:48 | 002,971,136 | ---- | M] () -- C:\Windows\System32\atiumdva.cap [2012.06.11 18:40:58 | 013,277,696 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll [2012.06.11 18:26:52 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll [2012.06.11 18:26:36 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll [2012.06.11 18:26:22 | 000,033,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll [2012.06.11 18:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys [2012.06.11 18:25:12 | 000,042,496 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll [2012.06.11 18:24:58 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll [2012.06.11 18:24:24 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\ati2erec.dll [2012.06.11 18:23:10 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll [2012.06.11 18:23:10 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll [2012.06.11 17:44:05 | 000,054,648 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2012.06.11 13:50:42 | 000,159,232 | ---- | M] () -- C:\Windows\System32\clinfo.exe [2012.06.11 13:50:24 | 000,065,024 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\OpenVideo.dll [2012.06.11 13:50:14 | 000,056,320 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\OVDecode.dll [2012.06.11 13:49:22 | 013,008,896 | ---- | M] (Advanced Micro Devices Inc.) 
-- C:\Windows\System32\amdocl.dll [2012.06.09 22:14:49 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.06.09 22:14:27 | 000,138,056 | ---- | M] () -- C:\Users\Computerservice\AppData\Roaming\PnkBstrK.sys [2012.06.09 18:46:02 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.06.09 14:45:40 | 000,022,155 | ---- | M] () -- C:\Windows\Ascd_tmp.ini [2012.06.08 20:17:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\WSD-7d9fad8b-e21b-4ae3-8845-f5b03c4fea3b.006e [2012.06.06 21:20:28 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2012.06.06 20:28:48 | 002,491,104 | ---- | M] () -- C:\Windows\PE_Rom.dll [2012.06.06 20:26:44 | 002,555,408 | ---- | M] () -- C:\Windows\PE_File.dll [2012.06.06 20:23:38 | 000,001,396 | ---- | M] () -- C:\Windows\MB.idx [2012.06.06 20:22:36 | 000,000,551 | ---- | M] () -- C:\Windows\Path.idx [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.04 13:54:03 | 000,021,452 | ---- | C] () -- C:\Users\Computerservice\Documents\cc_20120704_135359.reg [2012.07.03 11:13:31 | 000,000,215 | ---- | C] () -- C:\Users\Computerservice\Desktop\Mass Effect.url [2012.07.02 21:35:01 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 21:35:01 | 000,001,883 | ---- | C] () -- C:\Users\Computerservice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.02 21:24:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.15 09:53:50 | 000,069,544 | ---- | C] () -- C:\Windows\System32\ddbac.tlb [2012.06.13 18:34:41 | 000,001,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk [2012.06.11 19:26:12 | 000,263,840 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb [2012.06.11 18:41:48 | 002,971,136 | ---- | C] () -- C:\Windows\System32\atiumdva.cap [2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- 
C:\Windows\System32\clinfo.exe [2012.06.09 22:14:49 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.06.09 18:46:02 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.06.08 20:17:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WSD-7d9fad8b-e21b-4ae3-8845-f5b03c4fea3b.006e [2012.06.06 20:26:40 | 004,194,304 | ---- | C] () -- C:\Windows\SABERTOOTH-990FX-ASUS-1102.ROM [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.04.14 18:17:43 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.04.05 17:25:33 | 000,001,456 | ---- | C] () -- C:\Users\Computerservice\AppData\Local\Adobe Save for Web 13.0 Prefs [2012.03.21 21:34:47 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.02.20 22:06:56 | 000,059,232 | ---- | C] () -- C:\Windows\System32\CNC8100W.DAT [2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2011.12.03 07:37:23 | 002,555,408 | ---- | C] () -- C:\Windows\PE_File.dll [2011.12.03 07:34:07 | 002,491,104 | ---- | C] () -- C:\Windows\PE_Rom.dll [2011.12.03 06:47:52 | 000,011,456 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011.12.03 06:47:50 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2011.12.03 06:18:31 | 000,001,769 | ---- | C] () -- 
C:\Windows\Language_trs.ini [2011.12.03 06:18:29 | 000,022,155 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.10.29 14:55:39 | 000,000,858 | ---- | C] () -- C:\Windows\client.config.ini [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.07.01 07:07:59 | 000,699,953 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.06.16 11:29:10 | 000,049,792 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusb4.bin [2011.06.07 21:58:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll [2011.03.24 18:07:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll [2011.03.09 21:36:55 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.03.03 21:28:31 | 000,004,608 | ---- | C] () -- C:\Users\Computerservice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.03 21:27:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.11.18 21:51:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Effects [2010.11.18 21:51:08 | 000,000,268 | RH-- | C] () -- C:\Users\Computerservice\AppData\Roaming\Drum Kits [2010.11.18 21:51:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2010.11.18 21:50:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Clav [2010.11.18 21:50:58 | 000,000,268 | RH-- | C] () -- C:\Users\Computerservice\AppData\Roaming\Drums [2010.11.18 21:45:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2010.11.18 21:41:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Animals [2010.11.18 21:41:04 | 000,000,268 | RH-- | 
C] () -- C:\Users\Computerservice\AppData\Roaming\Analog Mono [2010.11.18 21:41:04 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.11.18 21:39:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Analog Swirl [2010.11.18 21:39:49 | 000,000,268 | RH-- | C] () -- C:\Users\Computerservice\AppData\Roaming\Ambience [2010.11.18 21:39:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2010.10.01 20:55:16 | 000,048,736 | ---- | C] () -- C:\Users\Computerservice\AppData\Roaming\mdbu.bin [2010.09.30 17:24:53 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.09.30 17:24:36 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.09.30 17:24:35 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.08.03 07:20:56 | 000,011,832 | R--- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys [2010.07.05 15:22:22 | 000,000,145 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.06.23 17:40:18 | 000,042,224 | ---- | C] () -- C:\Users\Computerservice\AppData\Roaming\Lotus Organizer 5.x.ADR [2010.06.23 17:40:16 | 000,009,890 | ---- | C] () -- C:\Users\Computerservice\AppData\Roaming\Lotus Organizer 5.x.TSK [2010.06.23 17:40:14 | 000,011,620 | ---- | C] () -- C:\Users\Computerservice\AppData\Roaming\Lotus Organizer 5.x.CAL [2009.12.30 12:59:13 | 000,000,103 | ---- | C] () -- C:\Users\Computerservice\AppData\Local\fusioncache.dat [2009.12.27 16:11:52 | 000,138,056 | ---- | C] () -- C:\Users\Computerservice\AppData\Roaming\PnkBstrK.sys [2009.11.15 14:27:10 | 000,007,623 | ---- | C] () -- C:\Users\Computerservice\AppData\Local\Resmon.ResmonCfg ========== LOP Check ========== [2011.11.13 12:21:02 | 000,000,000 | ---D | M] -- 
C:\Users\Computerservice\AppData\Roaming\1-abc [2011.02.16 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\3B494499-E47C-491D-920E-0850BDC32BCF [2011.02.16 21:05:29 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\4CF68A35-DCC1-4A34-B1C9-EBBEA3308418 [2011.10.05 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Acronis [2011.03.24 15:10:17 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Ashampoo [2011.04.03 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\AVM [2010.06.19 14:01:35 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Blackberry Desktop [2011.03.03 21:13:31 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Canneverbe Limited [2012.02.22 22:56:21 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Canon [2012.02.20 22:22:19 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\CD-LabelPrint [2010.09.05 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\CheckPoint [2010.06.10 18:06:43 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Cherry [2010.06.04 20:41:34 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\DataDesign [2011.04.14 16:44:52 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\DVSE GmbH [2011.11.27 12:09:16 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\DxO Labs [2011.11.27 12:09:27 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\DxO_Labs [2011.07.15 22:38:36 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Easeware [2011.04.17 11:07:38 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\FOG Downloader [2010.05.13 21:50:04 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\FRITZ! 
[2010.05.13 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\FRITZ!fax für FRITZ!Box [2010.06.26 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\GARMIN [2011.01.31 17:33:42 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\HDRsoft [2010.09.05 10:52:38 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\klickTel [2010.05.19 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Leadertech [2011.07.08 17:00:17 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Lexware [2011.03.22 13:13:05 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\MAGIX [2011.01.27 14:27:51 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\NeatImage PS [2011.09.02 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\NeatImage PS 32 [2011.01.26 19:10:07 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\NeatImage SL [2010.11.18 21:51:09 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Nikon [2011.12.03 08:16:33 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Origin [2011.11.27 12:09:08 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\PACE Anti-Piracy [2012.04.01 13:21:45 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\PDAppFlex [2011.11.13 12:23:47 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\PDF Software [2010.06.19 13:57:53 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Research In Motion [2012.02.28 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\RetouchPilot [2010.05.11 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\runic games [2012.06.10 17:47:10 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Samsung [2012.04.01 13:25:57 | 000,000,000 | ---D | M] -- 
C:\Users\Computerservice\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.08.09 13:19:23 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\TeamViewer [2011.06.18 08:09:06 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\The Creative Assembly [2011.04.09 15:38:24 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\ThePluginSite [2011.02.27 16:40:06 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\ts3overlay [2010.10.02 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Ubisoft [2011.03.03 21:28:04 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Video DVD Maker FREE [2010.07.05 15:15:38 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Western Digital [2010.07.05 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\Computerservice\AppData\Roaming\Western DigitalTemp [2010.10.17 12:39:03 | 000,000,000 | ---D | M] -- C:\Users\GeraldBurkhardt\AppData\Roaming\FRITZ! [2010.10.17 12:38:25 | 000,000,000 | ---D | M] -- C:\Users\GeraldBurkhardt\AppData\Roaming\Lexware [2010.10.17 12:38:36 | 000,000,000 | ---D | M] -- C:\Users\GeraldBurkhardt\AppData\Roaming\Western Digital [2012.05.11 17:21:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 964 bytes -> C:\ProgramData\Microsoft:rTRLiyPOj1pEZy33W7xQ4kUr @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:63238B95 @Alternate Data Stream - 1162 bytes -> C:\ProgramData\Microsoft:5t8HpQMNDPoSWVeFg @Alternate Data Stream - 1121 bytes -> C:\Users\Computerservice\AppData\Local\Temp:18KfnpQUjjypxxm9Il9dYCQOlDA < End of report >
I hope I did this correctly, and I would be glad if the specialists can make something of it.
I could not use the Kaspersky Rescue Disk, because the hard disk was locked at boot, i.e. it was running in read-only mode. My system: WIN 7 Prof. 32-bit Phenom X4 965 Ati 6970 Here is also a warning from G-DATA:
Beim Schließen der Datei "C:\Users\Computerservice\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH4\A5" wurde der Virus "Trojan.Generic.7601568 (Engine A)" entdeckt. Datei gesäubert.
I have already deleted the directory once, but it keeps coming back. Thanks in advance Regards Gerald Last edited by Gerbu (04.07.2012 at 14:49) |
05.07.2012, 15:04 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan got me too Please first run a routine full scan with Malwarebytes and post the log. =>Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine! If logs from older Malwarebytes scans exist, please post all of those too! ESET Online Scanner
Where possible, please post everything here in CODE tags. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
05.07.2012, 20:58 | #3 |
| Encryption trojan got me too Thanks for the quick reply. There seems to be a lot going on with regard to the GVU trojan. I have an acquaintance who was hit by it too. Attached, first of all, is the log from Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.07.05.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Computerservice :: WERKSTATT [Administrator]
Schutz: Aktiviert
05.07.2012 19:43:14
mbam-log-2012-07-05 (19-43-14).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 508903
Laufzeit: 1 Stunde(n), 53 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Regards, Gerald PS: The infected website seems to be book-mark.net :-) Last edited by Gerbu (05.07.2012 at 21:04) |
05.07.2012, 21:16 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan got me too Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes in the past? If so, all the logs for each scan are also listed in the log files tab (Logdateien). Please post all of the ones visible there.
__________________ Please always post logfiles in CODE tags |
07.07.2012, 17:22 | #5 |
| Encryption trojan got me too So, now I have had time to take care of everything. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.07.04.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Computerservice :: WERKSTATT [Administrator]
Schutz: Aktiviert
04.07.2012 18:10:08
mbam-log-2012-07-04 (18-10-08).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492379
Laufzeit: 1 Stunde(n), 26 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.07.05.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Computerservice :: WERKSTATT [Administrator]
Schutz: Aktiviert
05.07.2012 19:42:03
mbam-log-2012-07-05 (19-42-03).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 0
Laufzeit: 20 Sekunde(n) [Abgebrochen]
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aa5a81aeed980845afd71f5d97468553
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-07 01:08:24
# local_time=2012-07-07 03:08:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4096 16777215 100 0 4847658 4847658 0 0
# compatibility_mode=5893 16776573 100 94 10899 93297411 0 0
# compatibility_mode=8192 67108863 100 0 154 154 0 0
# scanned=9126
# found=0
# cleaned=0
# scan_time=283
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aa5a81aeed980845afd71f5d97468553
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-07 01:24:32
# local_time=2012-07-07 03:24:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4096 16777215 100 0 4848040 4848040 0 0
# compatibility_mode=5893 16776573 100 94 11281 93297793 0 0
# compatibility_mode=8192 67108863 100 0 536 536 0 0
# scanned=12962
# found=0
# cleaned=0
# scan_time=869
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aa5a81aeed980845afd71f5d97468553
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-07 04:15:31
# local_time=2012-07-07 06:15:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4096 16777215 100 0 4848968 4848968 0 0
# compatibility_mode=5893 16776573 100 94 12209 93298721 0 0
# compatibility_mode=8192 67108863 100 0 1464 1464 0 0
# scanned=287268
# found=3
# cleaned=0
# scan_time=10201
C:\Users\Computerservice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\38cf209d-35627b2b probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Computerservice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\295e1479-773e0c6b probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Computerservice\Downloads\SoftonicDownloader_fuer_core-temp.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
Regards, Gerald |
09.07.2012, 11:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan got me too

I have two questions before we continue:

1.) Does Windows normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?